dependabot-docker 0.380.0 → 0.381.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/docker/metadata_finder.rb +1 -1
  3. data/lib/dependabot/docker_compose/file_parser.rb +2 -1
  4. data/lib/dependabot/shared/shared_file_updater.rb +2 -2
  5. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 1c1ee4cdd89ffabadea74d61aa5eda344e708efdb7a454c987f44b5ce956c021
4
- data.tar.gz: 985452621d56616c424a629f1c06a573a9254281fecbe4fb647cce173adf5cad
3
+ metadata.gz: 594eace484f3785999d308bfa51c89852a3c8a9ad4a3df078d6877da95911011
4
+ data.tar.gz: 02c6632d9724e223b2e7759c861274d05f76bcdf387598faa248450132c6e118
5
5
  SHA512:
6
- metadata.gz: e860ac6355ea6f29512df0f498d462a58c843a77be2104288caad5a9451b555e423104a570e454d5f1db559b22c7432b758f95db981a6a2845f0ba220b0d9b9b
7
- data.tar.gz: b26bb3a77b99f9162ce152cd7b7e7390174c9b65c518c5c53cee8836e732b60448d81f38b410c33b0d7c189e3a0a32b0094bf8e2ad4cdfb1157019bfdf5378e8
6
+ metadata.gz: 3a1ad82c40987ad25327373dca49c81d604f14aee3a0c1e4751821677e7bb0e48e7d324366f8d500b07148d70e17774e4b39b7d08af9d095e461450c74bbbc88
7
+ data.tar.gz: c5c315b5b419d28fe8bec64a25383e9149d7d2d267c945da70a20f9c9dd592e9e7ac20ec0fb9b3325c8690489d04e571a49b1185a1c2538d3511660019539040
data/lib/dependabot/docker/metadata_finder.rb CHANGED
@@ -45,7 +45,7 @@ module Dependabot
45
45
  )
46
46
  end
47
47
  def image_details(source)
48
- registry = source[:registry]
48
+ registry = source[:registry].to_s.sub(%r{^oci://}, "")
49
49
  tag = source[:tag]
50
50
  digest = source[:digest]
51
51
 
data/lib/dependabot/docker_compose/file_parser.rb CHANGED
@@ -37,7 +37,8 @@ module Dependabot
37
37
  dependency_set = DependencySet.new
38
38
 
39
39
  composefiles.each do |composefile|
40
- yaml = YAML.safe_load(T.must(composefile.content), aliases: true)
40
+ yaml = YAML.safe_load(T.must(composefile.content), permitted_classes: [Symbol], aliases: true)
41
+ next unless yaml.is_a?(Hash)
41
42
  next unless yaml["services"].is_a?(Hash)
42
43
 
43
44
  yaml["services"].each do |_, service|
data/lib/dependabot/shared/shared_file_updater.rb CHANGED
@@ -55,10 +55,10 @@ module Dependabot
55
55
  old_sources = previous_sources(file)
56
56
  new_sources = sources(file)
57
57
 
58
- updated_content = T.let(file.content, T.untyped)
58
+ updated_content = T.let(file.content, T.nilable(String))
59
59
 
60
60
  T.must(old_sources).zip(new_sources).each do |old_source, new_source|
61
- updated_content = update_digest_and_tag(updated_content, old_source, T.must(new_source))
61
+ updated_content = update_digest_and_tag(T.must(updated_content), old_source, T.must(new_source))
62
62
  end
63
63
 
64
64
  raise "Expected content to change!" if updated_content == file.content
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-docker
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.380.0
4
+ version: 0.381.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -15,14 +15,14 @@ dependencies:
15
15
  requirements:
16
16
  - - '='
17
17
  - !ruby/object:Gem::Version
18
- version: 0.380.0
18
+ version: 0.381.0
19
19
  type: :runtime
20
20
  prerelease: false
21
21
  version_requirements: !ruby/object:Gem::Requirement
22
22
  requirements:
23
23
  - - '='
24
24
  - !ruby/object:Gem::Version
25
- version: 0.380.0
25
+ version: 0.381.0
26
26
  - !ruby/object:Gem::Dependency
27
27
  name: debug
28
28
  requirement: !ruby/object:Gem::Requirement
@@ -266,7 +266,7 @@ licenses:
266
266
  - MIT
267
267
  metadata:
268
268
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
269
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.380.0
269
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.381.0
270
270
  rdoc_options: []
271
271
  require_paths:
272
272
  - lib